When I first decided to start my journey, I had no idea where to begin. I wasn’t completely ignorant conceptually; most people have seen a movie or TV show with hacking in it. Hell, I’ve worked with pentester in past professional lives and even have a couple of technical cyber degrees under my belt, but none of them really gave me real-world experience. I was already familiar with Kali Linux and Metasploit as tools, as well as the C|EH and OSCP certifications, but outside of dabbling with them in the past for classes they seemed so far beyond me.
So my first focus was fixing that!
TryHackMe
I heard about the TryHackMe platform from multiple sources including a number of YouTube educators like John Hammond and David Bombal and it has proven to be the best place for me. The platform is very user friendly, especially for beginners, and it presents the information in easily consumable “rooms”.
They offer a number of career paths to learn or you can opt for individual rooms which focus on specific skillsets and challenges. I’m currently working through the Jr. Penetration Tester Path, which has been awesome in giving me a refresher on somethings and deep diving into others like Metasploit exploits, vulnerability research and web exploitation techniques.
I would 100% recommend TryHackMe as a starting point for beginners+.
Offensive Security
One of the first training platforms I turned to was Offensive Security. They’re home to the Offensive Security Certified Professional (OSCP) ethnical hacking certification and offer a ton of training. They even have Fundamentals Package which includes access to training for all of their base courses Pen 101, SOC 101, Web 101, etc. plus a voucher for two of their low-level certifications. OffSec offers very dense training modules which can be a bit heavy to digest at times, but there is a ton of information and technical knowledge to be learned here.
Preference
As mentioned, OffSec isn’t as user-friendly or easily consumed for beginners, at least it isn’t for me. It has great information, but very dry to consume when compared to TryHackMe’s layout. The other downside is the huge upfront price point.
TryHackMe Premium is $10/month vs. Offsec’s upfront $800 annually ($67/monthly) for their fundamental bundle. As I mentioned, there are multiple courses in the bundle, but that’s still a big price tag.
I’ve already paid for the OffSec fundamental package, so I have time to revisit it later in the year. Right now, I’ve chosen to focus on the TryHackMe platform because of its more easily digestible teaching style. Hopefully, once I finish with my current training path I’ll be able to better appreciate the denser information from OffSec.
